though most docs claim it to be 0x400 the Wii only reads 0x44 which will be padded by the DI driver to 0x60

0x060

1

Disable hash verification and make all disc reads fail even before they reach the DVD drive.

0x061

1

Disable disc encryption and h3 hash table loading and verification (which effectively also makes all disc reads fail because the h2 hashes won't be able to verify against "something" that will be in the memory of the h3 hash table. none of these two bytes will allow unsigned code)

0x080

380

Padding

0x00

Partitions information

The Wii disc format uses partitions, mostly one is used for updates (the 1st) and the 2nd for the game.

Start

Size

Description

0x40000

4

Total partitions in the disc

0x40004

4

Partition info table offset, Address is (value << 2)

0x40008

4

Total 2nd partitions in the disc (optional)

0x4000C

4

Partition info table offset, Address is (value << 2)

0x40010

4

Total 3rd partitions in the disc (optional)

0x40014

4

Partition info table offset, Address is (value << 2)

0x40018

4

Total 4th partitions in the disc (optional)

0x4001C

4

Partition info table offset, Address is (value << 2)

Partition table entry

Start

Size

Description

0x0

4

Partition offset, Address is (value << 2)

0x4

4

Type: 0 for a Data partition, 1 for an Update partition, 2 for a Channel installer. The demonstration VC titles on Super Smash Brothers Brawl use the Ascii title ID.

Partition Data

Encrypted

Partition data is encrypted using a key, which can be obtained from the partition header and the master key. The actual partition data starts at offset 0x20000 in the partition, and it is formatted in "clusters" of size 0x8000 (32k). Each one of these blocks consists of 0x400 bytes of encrypted SHA-1 hash data, followed by 0x7C00 bytes of encrypted user data. The 0x400 bytes SHA-1 data is encrypted using AES-128-CBC, with the partition key and a null (all zeroes) IV. Clusters are aggregated into subgroups of 8 clusters, and 8 subgroups are aggregated into one group of 64 clusters. The plaintext format is as follows:

Start

End

Length

Description

0x000

0x26B

0x26C

31 SHA-1 hashes ("H0", 20 bytes each), one for each block of 0x400 bytes of the decrypted user data for this cluster.

0x26C

0x27F

0x014

20 bytes of 0x00 padding

0x280

0x31F

0x0A0

8 SHA-1 hashes ("H1"), one for each cluster in this subgroup. Each hash is of the 0x000-0x26B bytes, that is, of the 31 hashes above. This means that each cluster carries a hash of the data cluster hashes for each of the clusters in its subgroup. Every cluster in the subgroup has identical data in this section.

0x320

0x33F

0x020

32 bytes of 0x00 padding

0x340

0x3DF

0x0A0

8 SHA-1 hashes("H2"), one for each subgroup in this group. Each hash is of the 0x280-0x31F bytes above. This means that each cluster carries a hash of the subgroup hash data for each of the subgroups in its group. All 64 clusters in a group have identical data in this section. Bytes 0x3D0-0x3DF here, when encrypted, serve as the IV for the user data.

0x3E0

0x3FF

0x020

32 bytes of 0x00 padding

If you're having trouble seeing how this works, here's the algorithm:

For every 0x400 bytes of user data (plaintext), apply SHA-1. Store the resulting table of hashes.

Aggregate 8 clusters. Apply SHA-1 to the table of data hashes that you've just created above for every cluster, and build a table of the resulting 8 hashes. Store this table in each of the 8 clusters.

Aggregate 8 subgroups (64 clusters). Apply SHA-1 to the table of hashes of each subgroup (note that every cluster in the subgroup shares this, so you only compute the SHA-1 once per subgroup). Build a table, and store a copy of this table into every one of the 64 clusters.

Finally, the global hash table ("H3"; which the partition header points to) contains the SHA-1 hash of the last table of each group in the partition. This table is not encrypted, but it is signed. To build it, take bytes 0x340-0x3DF from any sector in each group in the partition, apply SHA-1, and simply store all of the resulting hashes consecutively. All in all, each sector includes enough information to trace itself back to the master SHA-1 hash table. As a result, the entire partition is effectively signed. If anything is changed, the Wii will immediately crash (if the master hash table has been updated), or it will crash when it reads any sector in the modified group (if the group tables have been updated), any sector in the modified subgroup (if the subgroup tables have been updated), or any modified sector if no SHA-1s were updated.

The signature is stored in the TMD. The TMDs for the partition always have one content. The type of that content seems to be always 3, and the SHA1 hash is the SHA1 of the entire 0x18000 bytes of the hash table.
The TMD is signed using Nintendo private key. That makes basically impossible to run modified discs. Trucha Signer uses the signing bug to bypass the TMD signature checking, so the SHA1 hash of the master table can be updated, and modified discs can be booted.

To decrypt the user data at 0x0400-0x7FFF, again use the partition key, but this time take the IV from bytes 0x3D0-0x3DF in the encrypted SHA-1 block.

Decrypted

Once the Partition Data is decrypted, it follows the same formatting as a Gamecube disc for the most part.

Start

Size

Description

0x00000

1024

Same format as the main disc header, except bytes 0x60 and 0x61 are set to 0x01.

0x00420

4

Pointer to the Main Dolphin, Address is (value << 2)

0x00424

4

Pointer to the File System start, Address is (value << 2)

0x00428

4

File System Size

0x0042C

4

Max File System Size

0x02440

4

Pointer to the App Loader

Known Wii discs

On the Title Database you can find some info about different game discs

Methods to boot a disc

As far as we know there are 2 methods to boot a game.

Method 1 is R (manual boot)
Method 2 is 0 (autoboot)

The Wii BootMe tool (created by CorteX) lets you change the way wii images boot.